Be sure to configure your network and firewall so that these ports are accessible. Note that ports should be opened for bi-directional communication.

Ports 443 and 8443 must remain open to allow incoming traffic from your data center.

Port

Used by

Notes

443

Dynatrace Managed user interface

Routed to local port 8021 using iptables' prerouting rule. This port must remain open. All communication between Dynatrace OneAgent and Dynatrace Server is handled over secure socket https communication (port 443) with strong cryptography to guarantee your data privacy. Dynatrace OneAgent only sends data outbound to Dynatrace Server—it doesn't open a listening port.

8443

Monitoring data from Dynatrace

Each monitored machine with Dynatrace OneAgent installed on it must access this port. This port must remain open.

8019

Upgrade UI

This port can be closed to traffic coming from outside the Dynatrace cluster. If you're running a Dynatrace Managed cluster, only your cluster nodes need access to this port.

8020, 8021

Dynatrace Managed user interface

Required only internally on the Dynatrace Server machine.

5701-5711

Dynatrace cluster analytics engine

These ports can be closed to traffic coming from outside the Dynatrace cluster. If you're running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.

9042, 9160, 7000, 7001, 7199

Cassandra-based Hypercube storage

These ports can be closed to traffic coming from outside the Dynatrace cluster. If you're running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.

9200, 9300

Elasticsearch-based search engine

These ports can be closed to traffic coming from outside the Dynatrace cluster. If you're running a Dynatrace Managed cluster, only your cluster nodes need access to these ports.

Outbound communication to Dynatrace Mission Control

Dynatrace clusters must be able to communicate to Mission Control (IP addresses 52.5.224.56 and 52.200.165.10, 52.221.165.63, and 13.228.109.33) via HTTPS (port 443) for license validation, health monitoring, and automatic updates. This communication can be routed via a proxy, but the proxy must allow web sockets and, if the proxy is clustered, it must provide sticky sessions for web socket communication.